Fixes for TSIP AES CTR unit tests and handling of invalid cases.

dgarske · dgarske · commit 41591e7eb9e5 · 2025-06-24T09:41:33.000-07:00
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
@@ -226,12 +226,6 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
-    {
-        0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
-        0xc2
-    };
-
     WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
     {
         0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
@@ -249,13 +243,6 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
         0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
         0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
     };
-
-    WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] =
-    {
-        0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
-        0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
-        0xd3,0xda,0xe1,0x5b,0x04
-    };
     WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
     {
         0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
@@ -274,14 +261,6 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
     } testVec[] = {
         { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
           ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
-        /* let's try with just 9 bytes, non block size test */
-        { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
-          ctrPlain, (int)sizeof(oddCipher), ctr128Cipher },
-        /* and an additional 9 bytes to reuse tmp left buffer */
-        { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher },
-        /* Counter wrapping */
-        { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
-          ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher },
         { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
           ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
           ctr128Wrap128CipherLong },
@@ -302,6 +281,22 @@ static int tsip_aes128_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
         goto out;
     }
 
+    /* test failure cases - null */
+    ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -8; goto out;
+    }
+    /* test failure cases - size, but no buffer */
+    ret = wc_tsip_AesCtr(enc, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -9; goto out;
+    }
+    /* test failure cases - non block aligned  */
+    ret = wc_tsip_AesCtr(enc, plain, cipher, 15);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -10; goto out;
+    }
+
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
@@ -386,11 +381,6 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
-    {
-        0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
-        0xc2
-    };
     WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
     {
         0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
@@ -410,12 +400,6 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
         0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
         0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] =
-    {
-        0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
-        0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
-        0x4b,0x45,0x7c,0xd6,0x8a
-    };
     WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
     {
         0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
@@ -435,12 +419,6 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
     } testVec[] = {
         { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
           ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
-        /* let's try with just 9 bytes, non block size test */
-        { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
-          ctrPlain, (int)sizeof(oddCipher), ctr256Cipher },
-        /* Counter wrapping */
-        { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
-          ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher },
         { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
           ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
           ctr256Wrap128CipherLong },
@@ -461,6 +439,22 @@ static int tsip_aes256_ctr_test(int prnt, tsip_aes_key_index_t* aes_key)
         goto out;
     }
 
+    /* test failure cases - null */
+    ret = wc_tsip_AesCtr(NULL, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -8; goto out;
+    }
+    /* test failure cases - size, but no buffer */
+    ret = wc_tsip_AesCtr(enc, NULL, NULL, 1);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -9; goto out;
+    }
+    /* test failure cases - non block aligned  */
+    ret = wc_tsip_AesCtr(enc, plain, cipher, 15);
+    if (ret != BAD_FUNC_ARG) {
+        ret = -10; goto out;
+    }
+
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -606,13 +606,17 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 #endif /* HAVE_AES_CBC */
 
 #ifdef WOLFSSL_AES_COUNTER
+/* API only supports even blocks (16 byte) */
+/* Use the public wc_AesCtrEncrypt with crypto callbacks to handle odd remain */
 int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
 {
     tsip_aes_handle_t _handle;
     int ret;
+    int blocks = (int)(sz / WC_AES_BLOCK_SIZE);
+    int remain = (int)(sz % WC_AES_BLOCK_SIZE);
     byte *iv;
 
-    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+    if (aes == NULL || in == NULL || out == NULL || sz == 0 || remain != 0) {
         return BAD_FUNC_ARG;
     }
 
@@ -630,7 +634,7 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
         ret = R_TSIP_Aes128CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
         if (ret == TSIP_SUCCESS) {
             ret = R_TSIP_Aes128CtrUpdate(&_handle, (uint8_t*)in,
-                (uint8_t*)out, sz);
+                (uint8_t*)out, blocks * WC_AES_BLOCK_SIZE);
             if (ret == TSIP_SUCCESS) {
                 ret = R_TSIP_Aes128CtrFinal(&_handle);
             }
@@ -644,7 +648,7 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
         ret = R_TSIP_Aes256CtrInit(&_handle, &aes->ctx.tsip_keyIdx, iv);
         if (ret == TSIP_SUCCESS) {
             ret = R_TSIP_Aes256CtrUpdate(&_handle, (uint8_t*)in,
-                (uint8_t*)out, sz);
+                (uint8_t*)out, blocks * WC_AES_BLOCK_SIZE);
             if (ret == TSIP_SUCCESS) {
                 ret = R_TSIP_Aes256CtrFinal(&_handle);
             }
@@ -656,9 +660,9 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
 
     if (ret == TSIP_SUCCESS) {
         /* increment IV counter */
-        int i, blocks = (int)(sz / WC_AES_BLOCK_SIZE);
         while (blocks--) {
             /* in network byte order so start at end and work back */
+            int i;
             for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                 if (++iv[i]) /* we're done unless we overflow */
                     break;
